United States Patent and Trademark Office 




UNITED S^TFjttfEPARTMENT OF COMMERCE 
United States""Katent and Trademark Office 
Address: COMMKSIONER FOR PATENTS 
P.O. Bta/1450 

Aloumdrto, Virginia 223 1 3-1 450 
www.usplrj.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/998,916 


11/30/2001 


Joan C. Teng 


21756-012000 


4277 



51206 7590 09/08/2005 

TOWNSEND AND TOWNSEND AND CREW LLP 
TWO EMBARCADERO CENTER 
8TH FLOOR 

SAN FRANCISCO, CA 94111-3834 



EXAMINER 



MIRZA, ADNAN M 



ART UNIT 



PAPER NUMBER 



2145 

DATE MAILED: 09/08/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



/ 

Office Actinn Hummnrv 


Application No. 

09/998,916 


Applicant(s) 

TENG ET AL 


Examiner 

Adnan M. Mirza 


Art Unit 

2145 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -■ 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 21 June 2005 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-49 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1^49 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s)is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Claim Rejections - 35 USC §102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-49 are rejected under 35 U.S.C. 102(e) as being unpatentable by Stolfo et al 
(US 2004/0002903). 

As per claims 1,24,32,40 Stolfo disclosed a method for allowing proxies in an Identity System, 
comprising the steps of receiving a request for a first entity to be a proxy for a second entity 
(Page. 4, Paragraph. 0042-0043); associating said first entity with one or more credentials of said 
second entity without authenticating said first entity as said second entity; and allowing said first 
entity to use said Identity System as said second entity based on said one or more credentials of 
said second entity (Page. 4, Paragraph. 0047). 

3. As per claim 2 Stolfo disclosed wherein said step of receiving a request includes the steps 
of: providing a notification to said first entity of an ability to be said proxy for second entity; and 
receiving a request from said first entity to be said proxy for said second entity (Page. 5, 
Paragraph. 0051). 
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4. As per claim 3 Stolfo disclosed wherein: said notification includes an email (Page. 17, 
Paragraph. 0196). 

5. As per claim 4 Stolfo disclosed wherein: said notification includes a display page for said 
Identity System (Page. 18, Paragraph. 0210). 

6. As per claim 5 Stolfo disclosed wherein said step of receiving a request includes the step 
of receiving an indication from said second entity that said first entity can be said proxy for a 
second entity (Page. 15, Paragraph. 0180). 

7. As per claim 6 Stolfo disclosed wherein said step of receiving a request includes the steps 
of providing a list of potential proxy candidates; providing a search mechanism to add more 
candidates to said list of potential proxy candidates (Page. 7, Paragraph. 0071); and receiving a 
selection of one or more of said potential proxy candidates, including a selection of said first 
entity (Page. 18, Paragraph. 0204). 

8. As per claim 7 Stolfo disclosed wherein: said credentials includes a distinguished name 
for said second entity (Page. 8, Paragraph. 0084). 

9. As per claims 8,25,33 Stolfo disclosed wherein: said credentials includes identity profile 
attributes for said second entity (Page. 1, Paragraph. 0004). 
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10. As per claims 9,26,34,46 Stolfo disclosed wherein: said step of associating includes 
storing an identification of said second entity in a data element used to identify said first entity 
(Page. 4, paragraph 0042). 

11. As per claims 10,41 Stolfo disclosed wherein: said step of associating includes storing an 
identification of said second entity in a cookie for said first entity (Page. 18, Paragraph. 0207). 

12. As per claim 1 1 Stolfo disclosed wherein: said step of associating includes using an 
identification of said second entity to identify said first entity (Page. 10, paragraph. 0096). 

13. As per claims 12,27 Stolfo disclosed wherein said step of associating includes the steps 
of accessing an Identity System cookie for said first entity, said Identity System cookie stores an 
identification of said first entity (Page. 1 8, paragraph. 0207); storing said identification of said 
first entity from said step of accessing in a second cookie; and storing an identification of said 
second entity in said an Identity System cookie for said first entity (Page. 5, paragraph. 0051). 

14. As per claims 13,42,47 Stolfo disclosed further comprising the steps of receiving a 
request to terminate said first entity being a proxy for said second entity; accessing said 
identification of said first entity in said second cookie; and storing said identification of said first 
entity in said Identity System cookie for said first entity (Page. 18, Paragraph. 0207). 
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1 5. As per claim 14 Stolfo disclosed further comprising the steps of receiving a request from 
said first entity to access said Identity System; determining whether said Identity System cookie 
for said first entity exists; providing access to said Identity System for said (Page. 18, Paragraph. 
0207). First entity if said Identity System cookie for said first entity exists; and authenticating 
said first entity and creating said Identity System cookie if said Identity System cookie for said 
first entity does not exist prior to said step of determining, said step of creating includes adding 
said identification of said first entity to said Identity System cookie (Page. 19, Paragraph. 213). 

16. As per claims 15,28,36,43,48 Stolfo disclosed wherein said step of allowing includes the 
steps of receiving a request from said first entity to access a service in said Identity System; 
accessing said identification of said second entity in said Identity System cookie (Page. 18, 
Paragraph. 0207); accessing attributes for said second entity based on said identification of said 
second entity in said Identity System cookie; and providing access to said service in said Identity 
System based on said attributes for said second entity (Page. 18, Paragraph. 0209). 

17. As per claims 16,29,37,44,49 Stolfo disclosed wherein: said steps of receiving, 
associating and allowing are performed without said first entity providing a password for said 
second entity (Page. 12, Paragraph. 0125). 

18. As per claim 17 Stolfo disclosed wherein: said step of associating verifies that said 
second entity is a delegated administrator having a right to be proxied (Page. 10, Paragraph. 
0101). 
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1 9. As per claim 1 8 Stolfo disclosed further comprising the step of: delegating a right to be 
proxied to said second entity, said step of associating verifies that said second entity has said 
right to be proxied (Page. 10, Paragraphed. 0101). 

20. As per claim 19 Stolfo disclosed wherein: said Identity System is part of an integrated 
Identity System and Access System (Page. 5, Paragraph. 0051). 

21 . As per claim 20 Stolfo disclosed wherein: said Identity System is part of an integrated 
Identity System and Access System; and said an integrated Identity System and Access System 
uses said credentials of said second entity to authorize said second entity to access resources 
(Page. 5, Paragraph. 0051). 

22. As per claim 21 Stolfo disclosed wherein: said step of allowing does not include using 
said credentials of said second entity to authorize said first entity to access resources (Page. 7, 
Paragraph. 0070). 

23. As per claims 22,30,38 Stolfo disclosed wherein: said Identity System is part of an 
integrated Identity System and Access System; and said steps of associating and allowing 
provide for said first entity to be said proxy for said second entity in said Identity System but 
does not provide for said first entity to be said proxy for said second entity in said Access System 
(Page. 18, Paragraph. 0209). 
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24. As per claims 23,31,39 Stolfo disclosed wherein: said Identity System is part of an 
integrated Identity System and Access System; said step of associating includes the steps of 
accessing an Identity System cookie for said first entity, said Identity System cookie stores an 
identification of said first entity, and storing an identification of said second entity in said an 
Identity System cookie for said first entity (Page. 18, Paragraph. 0209); said Access System uses 
an Access System cookie for said first entity, said Identity System cookie is separate from said 
Access System cookie; and said Access System cookie for said first entity does not store an 
indication of said second entity (Page. 11, Paragraph. 0114). 

25. As per claim 35 Stolfo disclosed wherein: said step of associating include, the steps of: 
accessing an Identity System cookie for said first entity, said Identity System cookie stores an 
identification of said first entity, storing said identification of said first entity from said step of 
accessing in a second cookie (Page. 1 8, Paragraph. 0207), and storing an identification of said 
second entity in said an Identity System cookie for said first entity; and said method further 
comprises the steps of: receiving a request to terminate said first entity being a proxy for said 
second entity; accessing said identification of said first entity in said second cookie, and storing 
said identification of said first entity in said Identity System cookie for said first entity (Page. 18, 
Paragraph. 209). 

26. As per claim 45 Stolfo disclosed One or more processor readable storage devices having 
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one: or more processors to perform a method comprising the 
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steps of: receiving an indication that a first entity can be a proxy for a second entity, said 
indication is from said second entity; receiving an indication from said first entity to become said 
proxy for said second entity (Page. 5, Paragraph. 0056); associating said first entity with one or 
more credentials of said second entity without authenticating said first entity as said second 
entity; and allowing said first entity to use said system as said second entity based on said one or 
more credentials of said second entity (Page. 13, Paragraph. 0141). 



Response to Arguments 



Applicant's arguments filed 06/21/2005 have been fully considered but they are not persuasive. 
Response to applicant's argument as follows. 

27. Applicant argued that prior art did not disclose, "associating a first entity with credentials 
of second entity and allowing the first entity to access a system as the second entity and prior art 
did not disclose the Identity system". 

As to applicant's argument Stoflo disclosed, "Alternatively, deliver to a physical address, which 
may not secure said information of the first party to be revealed at the physical facility. 
Alternatively, delivery to a physical address, which may not secure said information of the first 
party, designated by the first party may be provided for by delivering first to first physical 
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address (e.g., a depot), without revealing the private and personal information of the first party to 
the second party and unauthorized parties, and then trans-shipping to a second or last physical 
address designated by the first party but not revealed to the second party. Also Stoflo disclosed, " 
all communications from the first part appear to others to be from a party with an identity of the 
transaction identifier. Only the party providing the first party with the transaction identity. Where 
a purchase is involved, the bank or credit clearing entity stores information linking the true 
identity of the user and the transaction identity (Page. 5, Paragraph. 0051). 



Conclusion 

28. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 . 1 36(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
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29. Any inquiry concerning this communication or earlier communication from the examiner 
should be directed to Adnan Mirza whose telephone number is (571)-272-3885. 

30. The examiner can normally be reached on Monday to Friday during normal business 
hours. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571)-272-3880. The fax for this group is (703)-746- 
7239. 

3 1 . The fax phone numbers for the organization where this application or proceeding is 
assigned are as follows: 

(703)-746-7239 (For Status Inquiries, Informal or Draft Communications, please label 
"PROPOSED" or "DRAFT"); 

(703)-746-7239 (For Official Communications Intended for entry, please mark "EXPEDITED 
PROCEDURE"), 

(703)-746-7238 (For After Final Communications). 

32. Any Inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)-305-3900. 

Any response to a final action should be mailed to: 
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BOX AF 

Commissioner of Patents and Trademarks Washington, D.C. 20231 
Or faxed to: 

Hand-delivered responses should be brought to 4 th Floor Receptionist, Crystal Park II, 
2021 Crystal Drive, Arlington, VA 22202. 



Adnan Mirza 



Examiner 




